CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its
log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials
HTTP basic authentication credentials
A vulnerability in the net/http module of the Go programming language is related to improper input validation.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
A vulnerability in the Envoy proxy module is related to post-release memory usage. Exploitation
of the vulnerability could allow a remote attacker to cause a denial of service